Check Point is investing heavily in educating IT pros about the cloud, not only to promote their own cloud security products but to give potential customers the skills they’ll need to keep their jobs as their employers move more and more resources to public cloud providers.
“We try to explain how to be relevant in the cloud,” says Itai Greenberg, head of cloud security for Check Point.
A lot of old-school IT security workers need to learn about how cloud infrastructure works, the terminology used, the interconnections between cloud and corporate owned networks and the ins and outs of APIs, among other skills.
“If they don’t understand how to do things in the cloud, how to design infrastructure, applications, they will find themselves irrelevant within five to six years,” he says.
The company offers free two-day boot camps to prospective customers, by the end of which they have securely provisioned an application in the cloud. They are then encouraged to do more research on their own to further enhance their skills, he says.
The upside for Check Point is that it can cut the sales cycle to a quarter of what it was, he says.
Most large companies have an individual or a team on staff that is well versed in cloud security, but that’s not necessarily true of IT security workers on the front lines. They may be masters of a Cisco box and how to configure a GUI, but they have yet to grasp the function of cloud security products that automate and orchestrate defenses as the cloud workload constantly shifts, he says.
These cloud specific security platforms enable the likes of developers and database administrators to define who can access what resources from where using tools that don’t require them to be security experts. But that doesn’t mean there is no longer a role for security experts, he says, just that the role is changing. “Technology simplifies the process, but it’s still a technology,” he says.
Security needs change from environment to environment, and that’s where the security pros come in, but they have to keep their skills current. “The majority of traditional IT people are very naïve and uninformed” about the challenges of cloud security, he says.
Customers fall into two camps, those that have a top-down cloud-first directive that’s pushing to make a rapid transition to public cloud services, and those who are also moving to the cloud but slowly. “We’re the ones that help them to put their toes in the water and see that it’s not too cold,” he says.
The learning curve entails realizing that using the cloud to give developers more flexibility setting up servers on their own also means letting them control access to the new resource and deciding who can access what from where without being a security expert.
The main thrust behind Check Point’s security architecture as well as many of its competitors is to provide visibility into cloud assets, learn about changes and automatically impose security without slowing down the process of setting up new cloud workloads.
Greenberg says Check Point has 80 people dedicated to this education effort. “We are investing heavily in this direction,” he says. “Cloud is the number one emerging area.”